Snowscan

@snowscan

Pentester :: CTF player :: HackTheBox ATeam

Canada
Joined: January 2009

Tweets


  1. Retweeted
    Feb 1

    RE just retired from . As the creator of the box, I tried to bring phishing/macro obfuscation concepts to the initial access. The intended privescs were the WinRar ACE file exploit, and XXE in Ghidra. I'll show two unintended privescs too.

  2. Feb 1

    Another box solved the unintended way: RE. Once I had RCE after dropping an aspx webshell with the Winrar CVE, I used the UsoSvc service to gain SYSTEM and impersonated the Coby user to decrypt the root flag. Great box by .

  3. Jan 28

    I just published my writeup for the mini websockets challenge of the BottomlessAbyss BBS CTF: Easy but fun challenge. Played with websockets in Python and did some HMAC secret bruteforcing.

  4. Jan 26

    I just made the switch from network architect/engineer to pentester this week. A bit of a career move risk but I feel it's gonna be worth it in the end. I needed to be challenged. Thanks to everyone who's helped me! 😊

  5. Jan 25

    One more writeup for AI from is up: That SQL injection using text-to-speech gave me a hard time.

  6. Jan 18

    I had a hard time finding the initial source code file for the launcher page on the Player box but I liked the LFI part using ffmpeg and the PHP deserialization priv esc at the end.

  7. Retweeted
    Jan 16

    I am surprised there is not outrage regarding disclosure policy. 334 patches! Little documentation on impact or technical details. could learn a lot from @msft_security

  8. Retweeted
    Jan 12

    I was about to have a free weekend as exploit work had been done by others already. Took the time to write about a more or less related project: Getting access to an encrypted appliance VM by modifying memory with help of VBoxDbg.

  9. Retweeted
    Jan 12

    Citrix Netscaler AMIs on default vulnerable out of the box. The root password is set to the instance ID; that can be read from the metadata URL. CVE-2019-19781 from nobody to ssh as root in seconds.

  10. Jan 11

    I didn't solve Bitlab the intended way but I still go over the initial shell with the PHP RCE. I used the git hooks method to gain root since git pull was sudo'ed root. Check out my writeup:

  11. Jan 4

    Happy new year everyone. Craft just got retired today: a cool box with an eval vulnerability in the application REST API and vault installed to generate an OTP token to get root. Here's my writeup:

  12. Retweeted
    Jan 2

    lsassy 1.0.0 is finally out ! 🔸 Remotely dump **with built-in Windows tools only**, procdump is no longer necessary 🔸 Remotely parse lsass dumps to extract credentials 🔸 Link to to detect compromised users with path to Domain Admin

  13. Retweeted
    Dec 21, 2019

    The is going strong. A new challenge is opening in less than 2 hours! Don't forget to check out the door games tournament as well. See you in there!

  14. Retweeted
    Dec 17, 2019

    The contest is going on full steam! Thanks for the great participation! Over 117 flags available already and we still have 30 days left. Lots of fun stuff! Surprise challenge will open tonight! Check it out!

  15. Dec 14, 2019

    Smasher2, one of the hardest boxes on HTB was just retired. Like many others, I did the auth bypass using an unintended bug in the web app. If you want to check out the intended way, check out Overcast's blog post:

  16. Dec 7, 2019

    Wall just got retired. I did this one by doing recon on github and finding the creator's repo. I went back after to find the intended way to bypass the HTTP basic auth. Here's my writeup:

  17. Nov 30, 2019

    I really liked the privesc for Heist where I took a memory dump of the running Firefox instance and grabbed credentials from it. I've posted my writeup for it here:

  18. Nov 23, 2019

    Chainsaw's a pretty cool box. I learned about smart contracts while solving it. Check out my writeup:

  19. Nov 16, 2019

    Networked from was retired today. It's an easy box with an insecure upload vulnerability and command injections to escalate and gain root access.

  20. Nov 9, 2019

    Jarvis from was retired today. Here is my writeup: Easy box with SQL injection and command injection.
